Custom Query (1145 matches)

Filters
 
Or
 
  
 
Columns

Show under each result:


Results (268 - 270 of 1145)

Ticket Resolution Summary Owner Reporter
#495 fixed The new ssh/ticket delegation user experience is terrible jdreed

Reported by jdreed, 15 years ago.

Description

The combination of the fact that GSSAPIDelegateCredentials is not set on clients and that Debathena's sshd accepts non-delegated credentials is making for a terrible user experience on the dialups. (Whether or not the users *need* to be using the dialups is beside the point.)

In the long term, we would modify the patch to sshd on the old dialups, and upstream it, so that this was a configurable option in sshd_config, but that doesn't help us in the short term.

We added a warning, but no one reads it, and it doesn't help with SFTP connections.

Possibly short term solutions:

  • Patch sshd on the dialups to restore the old functionality (mmanley is looking into this)
  • Configure the dialups to run renew on the user's behalf if there are no tickets (this feels like a MitM attack, and will also break non-interactive sessions, or anything using expect(1), and possibly also break other things we haven't thought of)
  • Configure ssh_config on Debathena to delegate to the dialups (we rejected this before based on security concerns, and also because having host-specific behavior might be more confusing)
  • Configure the dialups to log you off (with a detailed error message) if you don't have tickets. Frankly, there's no need for anyone to be logged into athena.dialup without tickets/tokens. Anyone who actively _wants_ that situation almost certainly has access to another machine. Or Linerva.
#497 fixed backport schroot to Karmic geofft

Reported by geofft, 15 years ago.

Description

Evan says this will take him half an hour.

#498 fixed AppArmor profile for evince prevents using lpr.debathena geofft

Reported by geofft, 15 years ago.

Description

Ticket #166, namely that diversions and AppArmor? don't play well together, strikes again. ezyang reports that printing to lpr from evince on Karmic doesn't work until he disables AppArmor?, presumably because the profile lets evince use /usr/bin/lpr but not /usr/bin/lpr.debathena.

Note: See TracQuery for help on using queries.